ornxka has quit [Quit: No Ping reply in 180 seconds.]
ornxka has joined #nixops
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixops
<cole-h_>
gchristensen: "sorry cole :(" ?
<gchristensen>
you left the channel right after I shared a nightmare
<cole-h_>
Oh :D
<cole-h_>
I'm always here...
cole-h has quit [Quit: Goodbye]
cole-h_ has quit [Quit: Goodbye]
pbb has quit [Ping timeout: 272 seconds]
pbb has joined #nixops
teto has joined #nixops
teto has quit [Ping timeout: 260 seconds]
typetetris has joined #nixops
<typetetris>
If using nixops, is a `system.stateVersion` in the configuration for a host still necessary? (using nixops for a nixos host)
teto has joined #nixops
<adisbladis>
typetetris: stateVersion is saved in the nixops state and injected, so no.
<typetetris>
adisbladis: thanks
<typetetris>
seems like `network.description` has no effect for me; `nixops list` still shows `Unnamed NixOps network`.
<typetetris>
Is this to be expected?
<gchristensen>
I think you have to do a deploy. `nixops list` uses cached data
<gchristensen>
and a deploy updates the cache
<typetetris>
gchristensen: thanks
<typetetris>
yes
<typetetris>
worked
<gchristensen>
great!
lordcirth has joined #nixops
teto has quit [Ping timeout: 260 seconds]
teto has joined #nixops
cole-h has joined #nixops
cole-h_ has joined #nixops
cole-h__ has joined #nixops
cole-h has quit [Ping timeout: 265 seconds]
cole-h__ is now known as cole-h
teto has quit [Ping timeout: 244 seconds]
yimmy149 has joined #nixops
teto has joined #nixops
teto has quit [Ping timeout: 252 seconds]
<typetetris>
I don't get what the key management on a temporary file system protects me from. If someone hacks my server, it's running and the keys are still there. Why is this temporary storage a thing?
<lordcirth>
typetetris, there are many attacks which would get access to the hard drive only, whether because the hard drive is stolen, or they gain a copy of a VM image, etc
<typetetris>
lordcirth: thanks
<cole-h>
Is there a way to use a GPG auth subkey instead of letting nixops generate a new SSH keypair?
<cole-h>
Oh hey, just gotta add it to my user.openssh.authorizedkeys lol
<cole-h>
Derp.
<cole-h>
Quick question: do changes to my `deployment.nix` get automatically pulled in, or do I need to do something special?
<gchristensen>
hm?
<lordcirth>
cole-h, where deployment.nix is the file you designated with nixops create?
<cole-h>
Yes, sorry.
<gchristensen>
just nixops deploy away
<lordcirth>
Yes, changes will be read. You only need "nixops modify" if you want to change the set of filenames
<cole-h>
e.g. I just added `{ install ? false }:` and `imports [ ... ] ++ lib.optional install ./host/install.nix` (for special first-install settings)
<gchristensen>
first-install settings? like what?
<gchristensen>
NixOS is best if there is no concept of "first install"
<cole-h>
gpg-agent, so I can decrypt my git-crypt'd secrets. Maybe it's unnecessary, though, now that I've fixed h-m's gpg-agent config.
<cole-h>
Actually, it's necessary because I use my gpg key for auth, and since my config repo is currently private, I need it to be able to pull my h-m config in the first place
<lordcirth>
cole-h, so why is that different on the first install, from successive deploys?
<cole-h>
I use (and prefer) h-m's gpg-agent, because it has more to customize... However, I'm now looking into if `programs.gnupg.agent` will actually work for me
<cole-h>
OK, the main reason I used h-m's gpg-agent was because it can handle .gnupg/sshcontrol; however, I can just use `home.file.".gnupg/sshcontrol"`. Problem solved; I can now use NixOS's module and not need that "first install" stuff :D
<cole-h>
...I really hate that the gnome3 pinentry doesn't have a TTY/curses/terminal/whatever fallback like gtk2 does...
<yimmy149>
could probably make a wrapper script that checks for DISPLAY and launches one or the other?
<cole-h>
Though I guess I could just set pinentryFlavor to null and then set `pinentry-program` in gpg-agent.conf...
teto has joined #nixops
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixops
<cole-h>
So, I just modified my `host/configuration.nix` and then ran `nixops deploy`, but `/etc/nixos/configuration.nix` is still different than `host/configuration.nix`. Is there something I need to do to make these changes take place, or am I misunderstanding something?
<adisbladis>
cole-h: nixops makes no attempt to update `/etc/nixos/configuration.nix`
<adisbladis>
What would we copy there?
<cole-h>
Hm, I am misunderstanding something, then. Should I remove my /etc/nixos/configuration.nix, or are these two different things? I'm wanting to have stuff like `users.users.user.extraGroups = ["asdf"]` in the nixops-imported configuration.nix and have that take effect
<cole-h>
When I `nixops deploy`, I'd expect for `user` to now be a part of group `asdf`
<yimmy149>
I think this is something that ought to be added to the docs... It's not clear what hardware/boot things need to be included in nixops, as well as system.stateVersion.
<adisbladis>
cole-h: In the case of nixops /etc/nixos/configuration.nix has no effect
<adisbladis>
That's a nixos-rebuild thing
<cole-h>
So nixops cannot replace nixos-rebuild?
<adisbladis>
cole-h: Sure it can :)
<adisbladis>
When you do `nixops deploy` it does something equivalent to `nixos-rebuild`
<adisbladis>
It just doesn't take /etc/nixos/configuration.nix into account in any way
<adisbladis>
Only whatever you have in your nixops deployment
<adisbladis>
I have /etc/nixos/configuration.nix as a symlink pointing to the same file I import in my deployment.nix
<adisbladis>
In case I need to nixos-rebuild to save my system
<adisbladis>
I do a lot of screwy things, I have on occasion killed ssh access
<cole-h>
Then, do you now how I should add a user to a group? Because my current trial of `users.users.user.extraGroups = [ "asdf" ];` doesn't appear to work.
<cole-h>
s/now/know/
<yimmy149>
is that file you import into deployment.nix closer to a hardware-configuration.nix than a configuration.nix in terms of content?
<adisbladis>
cole-h: configuration.nix
<adisbladis>
yimmy149: ^
<cole-h>
Nope, I import `configuration.nix`, which was a carbon-copy of my /etc/nixos/configuration.nix until recently
<yimmy149>
did you cat /etc/group to see if it was modified?
<cole-h>
The problem might be that I never enabled `virtualisation` (which in turn didn't add the `libvirtd` group)
<cole-h>
lol
<adisbladis>
:D
<cole-h>
Yep. That did it... lol.
<adisbladis>
cole-h: Isn't IRC great, you don't have to be all alone in your idiocy
<cole-h>
Probably (another) stupid question: nixops creates generations a la nixos-rebuild, right?
<cole-h>
Y'all are my rubber duck :D
<adisbladis>
cole-h: Yep
<cole-h>
Awesome. Great. Perfect.
<cole-h>
<3 yimmy149 <3 adisbladis Love you all.
<{^_^}>
adisbladis's karma got increased to 78
<{^_^}>
yimmy149's karma got increased to 1
<yimmy149>
I feel so validated.
<cole-h>
So your hunch about /etc/group was totally right -- it was never modified :D
<cole-h>
Though I guess it would be nice to see a warning if a user adds itself to a group that doesn't (yet) exist...
<yimmy149>
why is your stateVersion = 20.09, do you live in the future?
<adisbladis>
yimmy149: nixos-unstable has a default stateVersion for the next release
<cole-h>
Yeah, I run unstable
<yimmy149>
nice
<cole-h>
Thanks again for your help, guys. I think I have 2 blockers left (just things I need to figure out, really) before I switch to NixOS permanently :D
<adisbladis>
cole-h: Nice! Which blockers?
<cole-h>
I need to figure out GPU passthrough via libvirt, and I need to set up transmission and friends for... uh, seeding the NixOS iso
* infinisil
is using transmission too
<cole-h>
(That's why I'm trying it out :D -- I used to use rutorrent on Arch)
<adisbladis>
They're about to release transmission 3.0
<adisbladis>
Which made it _much_ easier to build the Qt client
<cole-h>
I was planning on just using the web client
<adisbladis>
cole-h: The Qt client can speak the RPC protocol, you can use it to talk to a daemon instance
<adisbladis>
I'll get that into nixpkgs as soon as it's released
<cole-h>
hot
<cole-h>
Man, it's real cool that doing `nix-shell -p nixops --run 'nixops deploy'` Just Works™, without prompting for root perms (because it uses my auth key to ssh into itself... :D)
<yimmy149>
I'm jealous, I'm using a git checkout of the libvirtd plugin, so I have to jump through more hoops
<gchristensen>
I never managed to make that one actually work :?
<gchristensen>
I didn't figure out how to make libvirtd work, really
<yimmy149>
It's really picky about its "default store" from what I can tell... I had issues creating it as root, and even as my user, sometimes it took two tries.
<gchristensen>
yimmy149: maybe you could do a little nixops + libvirtd on NixOS tutorial?
<yimmy149>
I'm not sure I'm qualified to do that, but I might be able to at least write a guide on the first steps... other issues I've run into, is that the VM disks are built in the /tmp ramdisk, and ignore any effort of mine to change TMP, TMPDIR, TEMP, TEMPDIR. So if I build two VMs at once it runs out of space trying to create the disks.
<gchristensen>
that is okay you're already more qualified than I am, and I've merged PRs in to it .......
<gchristensen>
would you be interested in helping maintain the repo? :)
<yimmy149>
and private IPv4 is empty on the machines, nothing added to hosts. Not sure what the expectation is there with nixops?
<yimmy149>
I can try to help, at least test some things. I did already comment on your poetry2nix PR (I'm jhillyerd@ on GH)
<gchristensen>
awesome1
<gchristensen>
!
<gchristensen>
yeah if you could write up a short set of instructions, just even in reply to that PR, I'd really appreciate that